Speaker: Daryl Bonhaus, Symantec Research Labs

Title: Security Event Correlation

Abstract: Corporate IT departments must deal with a large volume of security data produced by network sensors. Various network sensors and the types of events they produce are discussed, as well as the techniques used to reduce this data to a manageable amount and produce meaningful and actionable alerts. The discussion concludes with an overview of Symantec's DeepSight Threat Management System, including descriptions of how a few well-known outbreaks were handled by the system.

Bio: I have been working at Symantec since 2000 and have been a member of Symantec Research Labs since it was formed in 2002. My work at Symantec has included applications of machine learning techniques, investigations of intrusion detection systems for embedded devices and FPGA-based security algorithms, and techniques for image analysis and matching. Prior to joining Symantec, I worked at NASA's Langley Research Center doing algorithm development in the field of computational fluid dynamics. I received a Ph.D. in Aerospace and Ocean Engineering from Virginia Tech in 1998, an M.S. in Fluid Mechanics from George Washington University in 1993, and a B.S. in Aerospace Engineering from the University of Cincinnati in 1990.